Note: I only describe the Panel and Builder features. All the requirements and docs are available in the Readme.MD files.
BOFAMET is a comprehensive solution for collecting data from target systems, consisting of a collector module (stealer) and a centralized command and control (C2) server. The collector, written in GoLang, is compiled into a standalone Windows executable, and the collected data is transmitted to the C2 server, developed using FastAPI. The collector also features a dedicated builder with a modern Electron-based graphical interface for easy customization.
———————————————————————————————————————————————————————————–
BOFAMET Key Features:
Browser Data Extraction:
- Retrieves saved login credentials (usernames, passwords) from a wide range of web browsers (Chrome, Edge, Opera, Yandex, Brave, Vivaldi, Slimjet, Iridium, CentBrowser).
- Collects browser cookie files for potential authentication bypass.
- Extracts browsing history and autofill form data from supported browsers.
———————————————————————————————————————————————————————————–
System Information Collection:
Detailed gathering of information about the host system, including:
- Operating System (type, version).
- Hardware (processor, core count, RAM, disk space information).
- Network configuration (local IP address, MAC address, Wi-Fi SSID, and BSSID data).
- User information (username, computer name).
- Public IP address identification and geolocation data (city, region, country, latitude, longitude).
———————————————————————————————————————————————————————————–
Desktop Screenshot: Captures an image of the current desktop of the target system.
Telegram Session Extraction: Attempts to retrieve local Telegram session files (by forcibly terminating the Telegram process to gain access to session files).
Discord Token Discovery: Scans the system for Discord authentication tokens in various locations and records them.
Steam Configuration: Copies configuration files of the Steam client.
Epic Games Configuration: Copies configuration files of the Epic client.
Targeted File Exfiltration: Searches for and steals files with specific extensions (.doc, .docx, .xls, .xlsx, .txt, .ppt, .pptx, .pdf, .bmp) from user directories.
Crypto Wallet Extraction: Identifies and copies files associated with cryptocurrency wallets (e.g., wallet.dat, key.json, keystore, mnemonic.txt, seed.txt, as well as SSH keys like id_rsa).
Data Transmission: Archives all collected data into ZIP files and subsequently transmits them, along with system information and geolocation data, to the configured C2 server.
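For defenders, the file names and extensions listed above translate into a behavioural signal: a single process reading key or wallet files together with many documents across several user directories within a short window. The following is an added example, not code from BOFAMET or its README; the event tuple format, the thresholds and the sample telemetry are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict

# File names and extensions taken from the feature list above.
KEY_NAMES = {"wallet.dat", "key.json", "keystore", "mnemonic.txt", "seed.txt", "id_rsa"}
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".txt", ".ppt", ".pptx", ".pdf", ".bmp"}
# Assumed thresholds, tune for your environment.
WINDOW_SECONDS, MIN_DOCS, MIN_DIRS = 60, 5, 3

def classify(path):
    """Return 'key', 'doc' or None for a Windows path (key names win over .txt)."""
    name = ntpath.basename(path).lower()
    if name in KEY_NAMES:
        return "key"
    return "doc" if ntpath.splitext(name)[1] in DOC_EXTS else None

def find_sweeps(events):
    """events: iterable of (epoch_seconds, pid, image, path) file-read records.
    Flags a process that, within WINDOW_SECONDS, reads a key/wallet file and
    at least MIN_DOCS documents spread over at least MIN_DIRS directories."""
    per_proc = defaultdict(list)
    for ts, pid, image, path in events:
        kind = classify(path)
        if kind:
            per_proc[(pid, image)].append((ts, kind, path.lower()))
    alerts = []
    for proc, hits in per_proc.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > WINDOW_SECONDS:
                start += 1  # slide the window forward
            window = hits[start:end + 1]
            keys = {p for _, k, p in window if k == "key"}
            docs = {p for _, k, p in window if k == "doc"}
            dirs = {ntpath.dirname(p) for p in docs}
            if keys and len(docs) >= MIN_DOCS and len(dirs) >= MIN_DIRS:
                alerts.append({"pid": proc[0], "image": proc[1],
                               "keys": sorted(keys), "docs": len(docs)})
                break  # one alert per process is enough
    return alerts

# Constructed sample telemetry (not from a real incident).
U = r"C:\Users\alice"
SAMPLE = [(100 + i, 4242, U + r"\AppData\Local\Temp\update.exe", U + p) for i, p in enumerate([
    r"\Documents\taxes.xlsx", r"\Documents\cv.docx", r"\Desktop\notes.txt",
    r"\Desktop\scan.bmp", r"\Downloads\invoice.pdf", r"\.ssh\id_rsa"])]
SAMPLE += [(100 + 400 * i, 900, r"C:\Program Files\Office\WINWORD.EXE", U + r"\Documents\cv.docx")
           for i in range(3)]
```

Feed `find_sweeps` with file-read events from your EDR or Sysmon-style telemetry after mapping them to the assumed tuple format; the word processor in the sample is not flagged because it never touches a key file or multiple directories.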
———————————————————————————————————————————————————————————–
BOFAMET Builder is now an Electron-based desktop application designed to create a customizable executable file for the GoLang collector.
BOFAMET Builder Key Features:
Modern GUI: User-friendly graphical interface built with Electron, HTML, CSS, and JavaScript.
C2 Server Configuration: Interactive setting of the IP address and port of the central control server to which collected data will be sent.
Output File Customization:
- Ability to specify the desired name for the compiled malware executable.
- Ability to choose the output directory for the compiled .exe file.
EXE Compilation (GoLang):
- Compiles the GoLang collector into a single, self-contained Windows executable (.exe).
- Includes the -H=windowsgui flag to ensure the compiled malware runs without a visible console window.
